What to document

RE: https://falco.org/blog/falco-0-41-0/#reimplemented-container-engines-support

Bumping from a working falco 0.40.0 DaemonSet to 0.41.0 and adopting the new 'containers' plugin under the plugins stanza in falco.yaml, and I can see /usr/share/falco/plugins/libcontainer.so is loaded by falco (via lsof), and we can see in the startup logs that it was loaded and opened the correct containerd.sock path:

2025-05-29T21:06:43+0000: Loading plugin 'container' from file /usr/share/falco/plugins/libcontainer.so
2025-05-29T21:06:43+0000: [libs]: container: Enabled 'containerd' container engine.
2025-05-29T21:06:43+0000: [libs]: container: * enabled container runtime socket at '/host/run/containerd/containerd.sock'

However, it seems like post-uggrade we're no longer getting any containerd decoration of the event fields as-if the plugin isn't working. However, it isn't clear how we should go about debugging this and there's nothing under the usual troubleshooting pages in this area

Looking at the metrics dump, the containers plugin does seem to have seen containers successfully:

    "plugins.container.n_containers": 154,
    "plugins.container.n_missing_container_images": 11,